Tecnologie e Sistemi per la Sicurezza LS 2008/2009

Goal of the Course

The goal of this 60-hour course is to acquire familiarity with the main issues and technologies related to the design and development of secure Internet systems and applications. To this end, the course aims at making students able to understand 1) the different aspects and nuances of security, with special regard to cryptography and digital signature issues and techniques, including the ability to practical master the related Java-based technologies; 2) the methodological aspects of implementing secure systems; 3) the main access control issues, related models and technologies.

Program

The course is structured in two modules (40h + 20h, respectively), each integrating classic lectures with laboratory sessions.

1st Module

Security as a must in modern applications. Practical introduction to the basics of steganography and steganalysis. The role of cryptography and related technologies. Password creation and related weaknesses: the way towards more robust passwords. The main approaches and use patterns of such technologies in the e-commerce scenario and in the exchange of legally-valid digital documents in the Public Administration and Government. Public key infrastructures and certification authorities. Tools and APIs for the development of secure applications (and applets) in the Java2 platform. The SE Linux operating system as a notable case study of secure operating system.

2nd Module

Introduction to biometric technologies. Methodological approaches to the analysis and design of secure systems.
Security patterns and their use for designing and implementing secure systems. Access control techniques: DAC, MAC, RBAC. Firewalls and web security. Social engineering issues in the context of building secure systems.

Slides 1st Module

  • Introduction to the Course
  • Steganographia
  • Cryptography
  • Integrity and Autentication
  • Passwords Security
  • Digital Signature

Slides 2nd Module

  • Introduction to the second module
  • Security Engineering